Hello All,
We are writing to gauge interest in our team resuming in-person
Malware and Memory Forensics trainings. We have not held one of these
since early 2020 but have started to receive inquiries about when they
would return. To help with our decision making, we have put together a
survey to help shape a potential in-person training in the USA in the
Fall. If you have interest in attending this course, or if you would like
to suggest alternative options, then please fill out the survey here:
https://www.memoryanalysis.net/training-2022-survey
The survey will close next Friday on April 29th.
We would like to note that our self-paced, online training will remain
in place even when in-person trainings resume.
https://volatility-labs.blogspot.com/2021/01/malware-and-memory-forensics-t…
Please let us know if you have any questions or concerns.
Also, our mailing lists were having issues so we needed to resend this
message. We apologize if you receive it multiple times.
Thanks,
The Volatility Team
The Call for Papers for the 2022 DFRWS USA conference is open!
Since 2005, DFRWS has been one of the main venues for publishing
cutting edge research and techniques related to memory forensics.
It is also a great venue to publish a peer-reviewed paper in an
academic setting that understands the value of memory forensics and
malware analysis.
If you are interested in submitting, then please see this year's CFP:
https://dfrws.org/dfrws-usa-2022-call-for-papers-is-open/
Thanks,
Andrew
We (the Volatility team) are often asked about what the memory forensics R&D process looks like, and how the abuse of an API by malware or a new code injection technique can be successfully uncovered by a Volatility plugin.
To illustrate this process, we just published a blog post that takes you from analyzing a potent target - the Skeleton Key attack of Mimikatz - through developing a new Volatility 3 plugin that can automatically detect it:
https://volatility-labs.blogspot.com/2021/10/memory-forensics-r-illustrated…
Feedback and comments are greatly appreciated.
We hope you enjoy the post!
We are very excited to announce that our malware and memory forensics training course is now available online!
Full information can be found here:
https://volatility-labs.blogspot.com/2021/01/malware-and-memory-forensics-t…
This course deeply covers all aspects of memory analysis and ensures that you are ready to take on modern threats.
If you have any questions then please let us know.
- The Volatility Team
We just posted a new writeup on a common analysis task required when investigating real-world systems - deciphering hooks placed by AV/EDR vs those placed by malware.
The post can be found here:
https://volatility-labs.blogspot.com/2020/05/when-anti-virus-engines-look-l…
Please let us know if you have any questions or comments, and we hope you enjoy the read!
At a recent Volexity Cyber Security Session, Steven Adair gave a presentation on how OceanLotus lures and targets its victims, including malware, fake news websites and organizations, and fake social media campaigns. If you want to see what real nation-state level targeting looks like then check out his talk:
https://www.volexity.com/company/resources/digital-surveillance-and-cyberes…
Windows 10 brought about significant changes in how file system and memory analysis must be performed.
I explore all of these changes in a recorded talk at the last Volexity CyberSecurity Session:
https://www.volexity.com/company/resources/windows-10-dfir-challenges-andre…
There is no signup required to watch or any other marketing nonsense, just the video and the accompanying slides.
Feedback and questions are welcome, and I hope you enjoy!
We at Volexity are looking for a Malware Reverse Engineer to join our team. The ideal candidate will have several years of experience in analyzing real-world malware and attacker toolsets as well as be familiar with the wider threat-intel and DFIR landscapes.
The job description can be found on our website:
https://www.volexity.com/company/careers/malware-reverse-engineer/
Volexity was founded by leading experts in the threat intelligence realm as well as several of the core Volatility developers. This includes Michael Ligh and myself. Our work centers on providing products, services, and training related to memory analysis, incident response, and threat intel. Our main client focus is highly targeted organizations across private industry, government, and NGOs.
Highlights of several of our efforts are on our blog, such as the recent Exchange vulnerability:
https://www.volexity.com/blog/2020/03/06/microsoft-exchange-control-panel-e…
Digital targeting of China's minority Uyghur population:
https://www.volexity.com/blog/2019/09/02/digital-crackdown-large-scale-surv…
And attack campaigns related to the 2016 United States election:
https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phis…
If this type of work interests you, then please submit your information on the career page linked above. Please do NOT reply to this email with your resume/application.
We wanted to remind everyone that we are now about two months away from our first public west coast training in several years. This is the timeframe where we start to get many requests so if you want a guaranteed spot then please reach out to us ASAP.
We will be in San Diego the week of March 9th for five days of Malware and Memory Forensics training led by the Volatility Team.
Full information can be found here:
https://volatility-labs.blogspot.com/2019/10/volatility-malware-and-memory-…
If you can’t join us in San Diego then we will also be hosting 3 other public trainings this year:
- April 20-24, Herndon, VA
- September 21-25, Amsterdam, NL
- October 12-16, Herndon, VA
And if you missed some of our last emails, we recently announced the Volatility 3 Public Beta:
https://volatility-labs.blogspot.com/2019/10/announcing-volatility-3-public…
As well as the results of the 2019 Volatility Plugin and Analysis Contests:
https://volatility-labs.blogspot.com/2019/11/results-from-2019-volatility-c…
Please reach out to us if you have any questions, and we look forward to meeting many new students and Volatility users this year!